Re: [secdir] Routing loop attacks using IPv6 tunnels

Gabi Nakibly <gnakibly@yahoo.com> Fri, 28 August 2009 19:07 UTC

Return-Path: <gnakibly@yahoo.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4C0333A7181 for <secdir@core3.amsl.com>; Fri, 28 Aug 2009 12:07:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.473
X-Spam-Level:
X-Spam-Status: No, score=-1.473 tagged_above=-999 required=5 tests=[AWL=0.526, BAYES_00=-2.599, J_CHICKENPOX_13=0.6]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xHYf+7S+j44y for <secdir@core3.amsl.com>; Fri, 28 Aug 2009 12:07:42 -0700 (PDT)
Received: from web45502.mail.sp1.yahoo.com (web45502.mail.sp1.yahoo.com [68.180.197.62]) by core3.amsl.com (Postfix) with SMTP id 05CFA28C4D9 for <secdir@ietf.org>; Fri, 28 Aug 2009 12:06:59 -0700 (PDT)
Received: (qmail 99142 invoked by uid 60001); 28 Aug 2009 19:07:03 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1251486423; bh=u9sTV+ETcDmLh9HMJ0AxLWBOytdZazWudvXsvE1vMDA=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=UMyWe38nLkLyql3gAKR6UXbSZjAwlLDHbMI7hwgY9qfVM4tbjcXcl1CAh3OwcGVIosd8eGG4IUaNis1At+h0HhhHTD8WwK/AbPeC7QdqfpYE4SP+IiEKHf+zH5VTfZzARkFyiofQbwZdzb44qD0l0EY0X1TxlKMjuLAHGXi1PQI=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:References:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=pPlx7cL2MRce1y2zN2UZIkbdnTGxw/vd4In+hSEKzoVgANfmN5Tb1PFezkjjL3FbeytRDV20BeWUaJ3B1UcpjejYDKs5gY+UUbYsAyWZVsHgJO6LrWaIHerR1ZroEtxDXlGuVoEkLKfXpilfHvD/8sAPbJaYSRhQ017qWuOo9Is=;
Message-ID: <212591.98462.qm@web45502.mail.sp1.yahoo.com>
X-YMail-OSG: iGaZMakVM1mFX9CKJHXfcLiq7rG9hdY0Y7gK4pPx.r41WoxfvWLEkxQcDn42bT6GcfqU_g5xZQUFluLaFnxoRF9lmoI_mlOTT9doHOeG2w04Rb94PbQv05qCrT8gFHuCerMyCwbAor7rkumyLA3pNSSS4iBxJZ59JVaAhmb9ivvMyR.qXhRcemhkU_usZsBn0Olyb_gHXos1olcD2r3G5ib6VvNmb7yDM6jFLdtph19sIkJyH0OnhU79fUCYcaR4Axh8VNBP
Received: from [89.138.8.21] by web45502.mail.sp1.yahoo.com via HTTP; Fri, 28 Aug 2009 12:07:03 PDT
X-Mailer: YahooMailRC/1358.27 YahooMailWebService/0.7.338.2
References: <475898.88672.qm@web45510.mail.sp1.yahoo.com><39C363776A4E8C4A94691D2BD9D1C9A106514554@XCH-NW-7V2.nw.nos.boeing.com> <39C363776A4E8C4A94691D2BD9D1C9A1065145AE@XCH-NW-7V2.nw.nos.boeing.com> <39C363776A4E8C4A94691D2BD9D1C9A106555996@XCH-NW-7V2.nw.nos.boeing.com>
Date: Fri, 28 Aug 2009 12:07:03 -0700 (PDT)
From: Gabi Nakibly <gnakibly@yahoo.com>
To: "Templin, Fred L" <Fred.L.Templin@boeing.com>, v6ops <v6ops@ops.ietf.org>
In-Reply-To: <39C363776A4E8C4A94691D2BD9D1C9A106555996@XCH-NW-7V2.nw.nos.boeing.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: ipv6@ietf.org, secdir@ietf.org
Subject: Re: [secdir] Routing loop attacks using IPv6 tunnels
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Aug 2009 19:07:42 -0000

Correct. All the attacks rely on the fact that the ISATAP router encapsulates/decapsulates a packet the 6to4 relay decapsulates/encapsulates, respectively. So the two tunnels must have the same encapsulation type.

----- Original Message ----
> From: "Templin, Fred L" <Fred.L.Templin@boeing.com>
> To: Gabi Nakibly <gnakibly@yahoo.com>om>; v6ops <v6ops@ops.ietf.org>
> Cc: ipv6@ietf.org; secdir@ietf.org
> Sent: Friday, August 28, 2009 7:23:03 PM
> Subject: RE: Routing loop attacks using IPv6 tunnels
> 
> Gabi,
> 
> Correct me if I am wrong, but if there were a new version
> of ISATAP that did not use ip-proto-41 encapsulation but
> instead used a different kind of encapsulation, then it
> need not concern itself with routing loop interactions
> with 6to4 relays since 6to4 relays only know about
> ip-proto-41. Does that match your understanding? 
> 
> Thanks - Fred
> fred.l.templin@boeing.com